+++ /dev/null
- --- 9.5.2-P2 released ---
-
-2831. [security] Do not attempt to validate or cache
- out-of-bailiwick data returned with a secure
- answer; it must be re-fetched from its original
- source and validated in that context. [RT #20819]
-
-2828. [security] Cached CNAME or DNAME RR could be returned to clients
- without DNSSEC validation. [RT #20737]
-
-2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
-
- --- 9.5.2-P1 released ---
-
-2772. [security] When validating, track whether pending data was from
- the additional section or not and only return it if
- validates as secure. [RT #20438]
-
- --- 9.5.2 released ---
-
-2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
- decoded. [RT #20269]
-
-2678. [func] Treat DS queries as if "minimal-response yes;"
- was set. [RT #20258]
-
-2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
- was set. [RT #18528]
-
- --- 9.5.2rc1 released ---
-
-2672. [bug] Don't enable searching in 'host' when doing reverse
- lookups. [RT #20218]
-
-2670. [bug] Unexpected connect failures failed to log enough
- information to be useful. [RT #20205]
-
-2663. [func] win32: allow named to run as a service using
- "NT AUTHORITY\LocalService" as the account. [RT #19977]
-
-2656. [func] win32: add a "tools only" check box to the installer
- which causes it to only install dig, host, nslookup,
- nsupdate and relevent dlls. [RT #19998]
-
-2655. [doc] Document that key-directory does not affect
- rndc.key. [RT #20155]
-
- --- 9.5.2b1 released ---
-
-2649. [bug] Set the domain for forward only zones. [RT #19944]
-
-2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
-
-2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
-
-2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
- which default to 64 bits. [RT #19927]
-
-2642. [bug] nsupdate could dump core on solaris when reading
- improperly formatted key files. [RT #20015]
-
-2640. [security] A specially crafted update packet will cause named
- to exit. [RT #20000]
-
-2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
- [RT #19959]
-
-2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
- [RT #19716]
-
-2633. [bug] Handle 15 bit rand() functions. [RT #19783]
-
-2632. [func] util/kit.sh: warn if documentation appears to be out of
- date. [RT #19922]
-
-2623. [bug] Named started seaches for DS non-optimally. [RT #19915]
-
-2621. [doc] Made copyright boilterplate consistent. [RT #19833]
-
-2920. [bug] Delay thawing the zone until the reload of it has
- completed successfully. [RT #19750]
-
-2618. [bug] The sdb and sdlz db_interator_seek() methods could
- loop infinitely. [RT #19847]
-
-2617. [bug] ifconfig.sh failed to emit an error message when
- run from the wrong location. [RT #19375]
-
-2616. [bug] 'host' used the nameservers from resolv.conf even
- when a explicit nameserver was specified. [RT #19852]
-
-2615. [bug] "__attribute__((unused))" was in the wrong place
- for ia64 gcc builds. [RT #19854]
-
-2614. [port] win32: 'named -v' should automatically be executed
- in the foreground. [RT #19844]
-
-2610. [port] sunos: Change #2363 was not complete. [RT #19796]
-
-2606. [bug] "delegation-only" was not being accepted in
- delegation-only type zones. [RT #19717]
-
-2605. [bug] Accept DS responses from delegation only zones.
- [RT # 19296]
-
-2603. [port] win32: handle .exe extension of named-checkzone and
- named-comilezone argv[0] names under windows.
- [RT #19767]
-
-2602. [port] win32: fix debugging command line build of libisccfg.
- [RT #19767]
-
-2599. [bug] Address rapid memory growth when validation fails.
- [RT #19654]
-
-2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
- long, leading to inefficient memory usage or rejecting
- newer cache entries in the worst case. [RT #19563]
-
-2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
-
-2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
-
-2591. [bug] named could die when processing a update in
- removed_orphaned_ds(). [RT #19507]
-
-2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
- [RT #19626]
-
-2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
- or SDB. [RT #19577]
-
-2585. [bug] Uninitialized socket name could be referenced via a
- statistics channel, triggering an assertion failure in
- XML rendering. [RT #19427]
-
-2584. [bug] alpha: gcc optimization could break atomic operations.
- [RT #19227]
-
-2583. [port] netbsd: provide a control to not add the compile
- date to the version string, -DNO_VERSION_DATE.
-
-2582. [bug] Don't emit warning log message when we attempt to
- remove non-existant journal. [RT #19516]
-
-2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
- Requires MySQL 5.0.19 or later. [RT #19084]
-
-2580. [bug] UpdateRej statistics counter could be incremented twice
- for one rejection. [RT #19476]
-
-2579. [bug] DNSSEC lookaside validation failed to handle unknown
- algorithms. [RT #19479]
-
-2577. [doc] Clarified some statistics counters. [RT #19454]
-
-2573. [bug] Replacing a non-CNAME record with a CNAME record in a
- single transaction in a signed zone failed. [RT #19397]
-
-2568. [bug] Report when the write to indicate a otherwise
- successful start fails. [RT #19360]
-
-2567. [bug] dst__privstruct_writefile() could miss write errors.
- write_public_key() could miss write errors.
- [RT #19360]
-
-2564. [bug] Only take EDNS fallback steps when processing timeouts.
- [RT #19405]
-
-2563. [bug] Dig could leak a socket causing it to wait forever
- to exit. [RT #19359]
-
-2562. [doc] ARM: miscellaneous improvements, reorganization,
- and some new content.
-
-2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
-
-2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
-
-2557. [cleanup] PCI compliance:
- * new libisc log module file
- * isc_dir_chroot() now also changes the working
- directory to "/".
- * additional INSISTs
- * additional logging when files can't be removed.
-
-2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
-
-2552. [bug] zero-no-soa-ttl-cache was not being honoured.
- [RT #19340]
-
-2551. [bug] Potential Reference leak on return. [RT #19341]
-
-2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
- [RT #19343]
-
-2549. [port] linux: define NR_OPEN if not currently defined.
- [RT #19344]
-
-2547. [bug] openssl_link.c:mem_realloc() could reference an
- out-of-range area of the source buffer. New public
- function isc_mem_reallocate() was introduced to address
- this bug. [RT #19313]
-
-2545. [doc] ARM: Legal hostname checking (check-names) is
- for SRV RDATA too. [RT #19304]
-
-2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
-
-2542. [doc] Update the description of dig +adflag. [RT #19290]
-
-2541. [bug] Conditionally update dispatch manager statistics.
- [RT #19247]
-
-2539. [security] Update the interaction between recursion, allow-query,
- allow-query-cache and allow-recursion. [RT #19198]
-
-2538. [bug] cache/ADB memory could grow over max-cache-size,
- especially with threads and smaller max-cache-size
- values. [RT #19240]
-
-2537. [experimental] Added more statistics counters including those on socket
- I/O events and query RTT histograms. [RT #18802]
-
-2536. [cleanup] Silence some warnings when -Werror=format-security is
- specified. [RT #19083]
-
-2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
-
-2532. [bug] dig: check the question section of the response to
- see if it matches the asked question. [RT #18495]
-
-2531. [bug] Change #2207 was incomplete. [RT #19098]
-
-2529. [cleanup] Upgrade libtool to silence complaints from recent
- version of autoconf. [RT #18657]
-
-2528. [cleanup] Silence spurious configure warning about
- --datarootdir [RT #19096]
-
-2527. [bug] named could reuse cache on reload with
- enabling/disabling validation. [RT #19119]
-
-2525. [experimental] New logging category "query-errors" to provide detailed
- internal information about query failures, especially
- about server failures. [RT #19027]
-
-2523. [bug] Random type rdata freed by dns_nsec_typepresent().
- [RT #19112]
-
-2522. [security] Handle -1 from DSA_do_verify().
-
-2521. [bug] Improve epoll cross compilation support. [RT #19047]
-
-2519. [bug] dig/host with -4 or -6 didn't work if more than two
- nameserver addresses of the excluded address family
- preceded in resolv.conf. [RT #19081]
-
-2517. [bug] dig +trace with -4 or -6 failed when it chose a
- nameserver address of the excluded address type.
- [RT #18843]
-
-2516. [bug] glue sort for responses was performed even when not
- needed. [RT #19039]
-
-2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
- a nameserver of the excluded address family.
- [RT #18848]
-
-2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
- [RT #18885]
-
-2506. [port] solaris: Check at configure time if
- hack_shutup_pthreadonceinit is needed. [RT #19037]
-
-2505. [port] Treat amd64 similarly to x86_64 when determining
- atomic operation support. [RT #19031]
-
-2503. [port] linux: improve compatibility with Linux Standard
- Base. [RT #18793]
-
-2502. [cleanup] isc_radix: Improve compliance with coding style,
- document function in <isc/radix.h>. [RT #18534]
-
-2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
- function. [RT #18582]
-
-2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
- [RT #18837]
-
- --- 9.5.1 released ---
-
-2520. [bug] Update xml statistics version number to 2.0 as change
- #2388 made the schema incompatible to the previous
- version. [RT #19080]
-
- --- 9.5.1rc2 released ---
-
-2513 [bug] Fix windows cli build. [RT #19062]
-
-2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
- [RT #19033]
-
-2509. [bug] Specifying a fixed query source port was broken.
- [RT #19051]
-
-2504. [bug] Address race condition in the socket code. [RT #18899]
-
- --- 9.5.1rc1 released ---
-
-2498. [bug] Removed a bogus function argument used with
- ISC_SOCKET_USE_POLLWATCH: it could cause compiler
- warning or crash named with the debug 1 level
- of logging. [RT #18917]
-
-2496. [bug] Add sanity length checks to NSID option. [RT #18813]
-
-2495. [bug] Tighten RRSIG checks. [RT #18795]
-
-2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
- installed. [RT #18826]
-
-2493. [bug] The linux capabilites code was not correctly cleaning
- up after itself. [RT #18767]
-
-2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
- is cleared when IPV6_V6ONLY is set. [RT #18785]
-
-2489. [port] solaris: Workaround Solaris's kernel bug about
- /dev/poll:
- http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
- Define ISC_SOCKET_USE_POLLWATCH at build time to enable
- this workaround. [RT #18870]
-
-2487. [bug] Give TCP connections longer to complete. [RT #18675]
-
-2485. [bug] Change update's the handling of obscured RRSIG
- records. Not all orphand DS records were being
- removed. [RT #18828]
-
-2482. [port] libxml2: support versions 2.7.* in addition
- to 2.6.*. [RT #18806]
-
-2479. [bug] xfrout:covers was not properly initalized. [RT #18801]
-
-2478. [bug] 'addresses' could be used uninitalized in
- configure_forward(). [RT #18800]
-
-2476. [doc] ARM: improve documentation for max-journal-size and
- ixfr-from-differences. [RT #15909] [RT #18541]
-
- --- 9.5.1b3 released ---
-
-2475. [bug] LRU cache cleanup under overmem condition could purge
- particular entries more aggressively. [RT #17628]
-
-2474. [bug] ACL structures could be allocated with insufficient
- space, causing an array overrun. [RT #18765]
-
-2473. [port] linux: raise the limit on open files to the possible
- maximum value before spawning threads; 'files'
- specified in named.conf doesn't seem to work with
- threads as expected. [RT #18784]
-
-2472. [port] linux: check the number of available cpu's before
- calling chroot as it depends on "/proc". [RT #16923]
-
-2471. [bug] named-checkzone was not reporting missing mandatory
- glue when sibling checks were disabled. [RT #18768]
-
-2470. [bug] Elements of the isc_radix_node_t could be incorrectly
- overwritten. [RT# 18719]
-
-2469. [port] solaris: Work around Solaris's select() limitations.
- [RT #18769]
-
-2468. [bug] Resolver could try unreachable servers multiple times.
- [RT #18739]
-
-2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
-
-2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
- [RT #18302]
-
-2465. [bug] Adb's handling of lame addresses was different
- for IPv4 and IPv6. [RT #18738]
-
-2464. [port] linux: check that a capability is present before
- trying to set it. [RT #18135]
-
-2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
- API and glibc hides parts of the IPv6 Advanced Socket
- API as a result. This is stupid as it breaks how the
- two halves (Basic and Advanced) of the IPv6 Socket API
- were designed to be used but we have to live with it.
- Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
- API. [RT #18388]
-
-2462. [doc] Document -m (enable memory usage debugging)
- option for dig. [RT #18757]
-
-2461. [port] sunos: Change #2363 was not complete. [RT #17513]
-
-2458. [doc] ARM: update and correction for max-cache-size.
- [RT #18294]
-
-2457. [tuning] max-cache-size is reverted to 0, the previous
- default. It should be safe because expired cache
- entries are also purged. [RT #18684]
-
-2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
- address, regardless of family. They now correctly
- distinguish IPv4 from IPv6. [RT #18559]
-
-2455. [bug] Stop metadata being transferred via axfr/ixfr.
- [RT #18639]
-
-2453. [bug] Remove NULL pointer dereference in dns_journal_print().
- [RT #18316]
-
-2451. [port] solaris: handle runtime linking better. [RT #18356]
-
-2449. [bug] libbind: Out of bounds reference in dns_ho.c:addrsort.
- [RT #18044]
-
-2445. [doc] ARM out-of-date on empty reverse zones (list includes
- RFC1918 address, but these are not yet compiled in).
- [RT #18578]
-
-2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
- (clear DF) for UDP responses and requests.
-
-2387. [bug] Silence compiler warnings in lib/isc/radix.c.
- [RT #18147] [RT #18258]
-
-2369. [bug] libbind: Array bounds overrun on read in bitncmp().
- [RT #18054]
-
- --- 9.5.1b2 released ---
-
-2443. [bug] win32: UDP connect() would not generate an event,
- and so connected UDP sockets would never clean up.
- Fix this by doing an immediate WSAConnect() rather
- than an io completion port type for UDP.
-
-2442. [bug] A lock could be destroyed twice. [RT# 18626]
-
-2441. [bug] isc_radix_insert() could copy radix tree nodes
- incompletely. [RT #18573]
-
-2440. [bug] named-checkconf used an incorrect test to determine
- if an ACL was set to none.
-
-2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
- [RT #18559]
-
-2438. [bug] Timeouts could be logged incorrectly under win32.
- [RT #18617]
-
-2437. [bug] Sockets could be closed too early, leading to
- inconsistent states in the socket module. [RT #18298]
-
-2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
-
-2435. [bug] Fixed an ACL memory leak affecting win32.
-
-2434. [bug] Fixed a minor error-reporting bug in
- lib/isc/win32/socket.c.
-
-2433. [tuning] Set initial timeout to 800ms.
-
-2432. [bug] More Windows socket handling improvements. Stop
- using I/O events and use IO Completion Ports
- throughout. Rewrite the receive path logic to make
- it easier to support multiple simultaneous
- requesters in the future. Add stricter consistency
- checking as a compile-time option (define
- ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
-
-2431. [bug] Acl processing could leak memory. [RT #18323]
-
-2430. [bug] win32: isc_interval_set() could round down to
- zero if the input was less than NS_INTERVAL
- nanoseconds. Round up instead. [RT #18549]
-
-2429. [doc] nsupdate should be in section 1 of the man pages.
- [RT #18283]
-
-2428. [bug] dns_iptable_merge() mishandled merges of negative
- tables. [RT #18409]
-
-2426. [bug] libbind: inet_net_pton() can sometimes return the
- wrong value if excessively large net masks are
- supplied. [RT #18512]
-
-2425. [bug] named didn't detect unavailable query source addresses
- at load time. [RT #18536]
-
-2424. [port] configure now probes for a working epoll
- implementation. Allow the use of kqueue,
- epoll and /dev/poll to be selected at compile
- time. [RT #18277]
-
-2422. [bug] Handle the special return value of a empty node as
- if it was a NXRRSET in the validator. [RT #18447]
-
-2421. [func] Add new command line option '-S' for named to specify
- the max number of sockets. [RT #18493]
- Use caution: this option may not work for some
- operating systems without rebuilding named.
-
-2420. [bug] Windows socket handling cleanup. Let the io
- completion event send out cancelled read/write
- done events, which keeps us from writing to memory
- we no longer have ownership of. Add debugging
- socket_log() function. Rework TCP socket handling
- to not leak sockets.
-
-2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
- should not be used for isc_sockettype_fdwatch sockets.
- [RT #18521]
-
-2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
- [RT #18430]
-
-2417. [bug] Connecting UDP sockets for outgoing queries could
- unexpectedly fail with an 'address already in use'
- error. [RT #18411]
-
-2416. [func] Log file descriptors that cause exceeding the
- internal maximum. [RT #18460]
-
-2415. [bug] 'rndc dumpdb' could trigger various assertion failures
- in rbtdb.c. [RT #18455]
-
-2414. [bug] A masterdump context held the database lock too long,
- causing various troubles such as dead lock and
- recursive lock acquisition. [RT #18311, #18456]
-
-2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
-
-2412. [bug] win32: address a resourse leak. [RT #18374]
-
-2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
- for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
- at compilation time. [RT #18433]
-
- Note: with changes #2469 and #2421 above, there is no
- need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
- any more.
-
-2410. [bug] Correctly delete m_versionInfo. [RT #18432]
-
-2409. [bug] Only log that we disabled EDNS processing if we were
- subsequently successful. [RT #18029]
-
-2408. [bug] A duplicate TCP dispatch event could be sent, which
- could then trigger an assertion failure in
- resquery_response(). [RT #18275]
-
-2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
-
-2405. [cleanup] The default value for dnssec-validation was changed to
- "yes" in 9.5.0-P1 and all subsequent releases; this
- was inadvertently omitted from CHANGES at the time.
-
-2404. [port] hpux: files unlimited support.
-
-2403. [bug] TSIG context leak. [RT #18341]
-
-2402. [port] Support Solaris 2.11 and over. [RT #18362]
-
-2401. [bug] Expect to get E[MN]FILE errno internal_accept()
- (from accept() or fcntl() system calls). [RT #18358]
-
-2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
- [RT #18297]
-
-2398. [bug] Improve file descriptor management. New,
- temporary, named.conf option reserved-sockets,
- default 512. [RT #18344]
-
-2397. [bug] gssapi_functions bad declaration. [RT #18355]
-
-2396. [bug] Don't set SO_REUSEADDR for randomized ports.
- [RT #18336]
-
-2395. [port] Avoid warning and no effect from "files unlimited"
- on Linux when running as root. [RT #18335]
-
-2394. [bug] Default configuration options set the limit for
- open files to 'unlimited' as described in the
- documentation. [RT #18331]
-
-2393. [bug] nested acls containing keys could trigger an
- assertion in acl.c. [RT #18166]
-
-2392. [bug] remove 'grep -q' from acl test script, some platforms
- don't support it. [RT #18253]
-
-2391. [port] hpux: cover additional recvmsg() error codes.
- [RT #18301]
-
-2390. [bug] dispatch.c could make a false warning on 'odd socket'.
- [RT #18301].
-
-2389. [bug] Move the "working directory writable" check to after
- the ns_os_changeuser() call. [RT #18326]
-
-2388. [bug] Avoid using tables for layout purposes in
- statistics XSL [RT #18159].
-
-2386. [func] Add warning about too small 'open files' limit.
- [RT #18269]
-
- --- 9.5.1b1 released ---
-
-2385. [bug] A condition variable in socket.c could leak in
- rare error handling [RT #17968].
-
-2384. [security] Additional support for query port randomization (change
- #2375) including performance improvement and port range
- specification. [RT #17949, #18098]
-
-2383. [bug] named could double queries when they resulted in
- SERVFAIL due to overkilling EDNS0 failure detection.
- [RT #18182]
-
-2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
- to ARM.
-
-2381. [port] dlz/mysql: support multiple install layouts for
- mysql. <prefix>/include/{,mysql/}mysql.h and
- <prefix>/lib/{,mysql/}. [RT #18152]
-
-2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
- proofs which, in turn, caused validation failures
- for insecure zones immediately below a secure zone
- the server was authoritative for. [RT #18112]
-
-2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
- TLDs and supported RRs with TTLs [RT #17972]
-
-2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
- [RT #18169]
-
-2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
-
-2376. [bug] Change #2144 was not complete.
-
-2375. [security] Fully randomize UDP query ports to improve
- forgery resilience. [RT #17949]
-
-2373. [bug] Default values of zone ACLs were re-parsed each time a
- new zone was configured, causing an overconsumption
- of memory. [RT #18092]
-
- --- 9.5.0 released ---
-
-2374. [bug] "blackhole" ACLs could cause named to segfault due
- to some uninitialized memory. [RT #18095]
-
-2372. [bug] fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
-
-2371. [doc] add +nsid option to dig man page. [RT #18039]
-
-2370. [bug] "rndc freeze" could trigger an assertion in named
- when called on a nonexistent zone. [RT #18050]
-
- --- 9.5.0rc1 released ---
-
-2368. [port] Linux: use libcap for capability management if
- possible. [RT# 18026]
-
-2367. [bug] Improve counting of dns_resstatscounter_retry
- [RT #18030]
-
-2366. [bug] Adb shutdown race. [RT #18021]
-
-2365. [bug] Fix a bug that caused dns_acl_isany() to return
- spurious results. [RT #18000]
-
-2364. [bug] named could trigger an assertion when serving a
- malformed signed zone. [RT #17828]
-
-2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
- [RT #17513]
-
-2362. [cleanup] Make "rrset-order fixed" a compile-time option.
- settable by "./configure --enable-fixed-rrset".
- Disabled by default. [RT #17977]
-
-2361. [bug] "recursion" statistics counter could be counted
- multiple times for a single query. [RT #17990]
-
- --- 9.5.0b3 released ---
-
-2360. [bug] Fix a condition where we release a database version
- (which may acquire a lock) while holding the lock.
-
-2359. [bug] Fix NSID bug. [RT #17942]
-
-2358. [doc] Update host's default query description. [RT #17934]
-
-2356. [bug] Built in mutex profiler was not scalable enough.
- [RT #17436]
-
-2355. [func] Extend the number statistics counters available.
- [RT #17590]
-
-2354. [bug] Failed to initialize some rdatasetheader_t elements.
- [RT #17927]
-
-2353. [func] Add support for Name Server ID (RFC 5001).
- 'dig +nsid' requests NSID from server.
- 'request-nsid yes;' causes recursive server to send
- NSID requests to upstream servers. Server responds
- to NSID requests with the string configured by
- 'server-id' option. [RT #17091]
-
-2352. [bug] Various GSS_API fixups. [RT #17729]
-
-2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
-
-2350. [port] win32: IPv6 support. [RT #17797]
-
-2347. [bug] Delete now traverses the RB tree in the canonical
- order. [RT #17451]
-
-2346. [func] Memory statistics now cover all active memory contexts
- in increased detail. [RT #17580]
-
-2345. [bug] named-checkconf failed to detect when forwarders
- were set at both the options/view level and in
- a root zone. [RT #17671]
-
-2344. [bug] Improve "logging{ file ...; };" documentation.
- [RT #17888]
-
-2343. [bug] (Seemingly) duplicate IPv6 entries could be
- created in ADB. [RT #17837]
-
-2341. [bug] libbind: add missing -I../include for off source
- tree builds. [RT #17606]
-
-2340. [port] openbsd: interface configuration. [RT #17700]
-
-2339. [port] tru64: support for libbind. [RT #17589]
-
-2338. [bug] check_ds() could be called with a non DS rdataset.
- [RT #17598]
-
-2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
-
-2335. [port] sunos: libbind and *printf() support for long long.
- [RT #17513]
-
-2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
- bug in fromstruct_txt(). [RT #17609]
-
-2333. [bug] Fix off by one error in isc_time_nowplusinterval().
- [RT #17608]
-
-2332. [contrib] query-loc-0.4.0. [RT #17602]
-
-2331. [bug] Failure to regenerate any signatures was not being
- reported nor being past back to the UPDATE client.
- [RT #17570]
-
-2330. [bug] Remove potential race condition when handling
- over memory events. [RT #17572]
-
- WARNING: API CHANGE: over memory callback
- function now needs to call isc_mem_waterack().
- See <isc/mem.h> for details.
-
-2329. [bug] Clearer help text for dig's '-x' and '-i' options.
-
-2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
- F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
- J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
- M.ROOT-SERVERS.NET.
-
-2327. [bug] It was possible to dereference a NULL pointer in
- rbtdb.c. Implement dead node processing in zones as
- we do for caches. [RT #17312]
-
-2326. [bug] It was possible to trigger a INSIST in the acache
- processing.
-
-2325. [port] Linux: use capset() function if available. [RT #17557]
-
- --- 9.5.0b2 released ---
-
-2324. [bug] Fix IPv6 matching against "any;". [RT #17533]
-
-2323. [port] tru64: namespace clash. [RT #17547]
-
-2322. [port] MacOS: work around the limitation of setrlimit()
- for RLIMIT_NOFILE. [RT #17526]
-
-2320. [func] Make statistics counters thread-safe for platforms
- that support certain atomic operations. [RT #17466]
-
-2319. [bug] Silence Coverity warnings in
- lib/dns/rdata/in_1/apl_42.c. [RT #17469]
-
-2318. [port] sunos fixes for libbind. [RT #17514]
-
-2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
-
-2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
- [RT #17513]
-
-2315. [bug] Used incorrect address family for mapped IPv4
- addresses in acl.c. [RT #17519]
-
-2314. [bug] Uninitialized memory use on error path in
- bin/named/lwdnoop.c. [RT #17476]
-
-2313. [cleanup] Silence Coverity warnings. Handle private stacks.
- [RT #17447] [RT #17478]
-
-2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
- [RT #17458]
-
-2311. [bug] IPv6 addresses could match IPv4 ACL entries and
- vice versa. [RT #17462]
-
-2310. [bug] dig, host, nslookup: flush stdout before emitting
- debug/fatal messages. [RT #17501]
-
-2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
- [RT #17455]
-
-2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
- [RT #17495]
-
-2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
-
-2306. [bug] Remove potential race from lib/dns/resolver.c.
- [RT #17470]
-
-2305. [security] inet_network() buffer overflow. CVE-2008-0122.
-
-2304. [bug] Check returns from all dns_rdata_tostruct() calls.
- [RT #17460]
-
-2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
- [RT #17471]
-
-2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
-
-2301. [bug] Remove resource leak and fix error messages in
- bin/tests/system/lwresd/lwtest.c. [RT #17474]
-
-2300. [bug] Fixed failure to close open file in
- bin/tests/names/t_names.c. [RT #17473]
-
-2299. [bug] Remove unnecessary NULL check in
- bin/nsupdate/nsupdate.c. [RT #17475]
-
-2298. [bug] isc_mutex_lock() failure not caught in
- bin/tests/timers/t_timers.c. [RT #17468]
-
-2297. [bug] isc_entropy_createfilesource() failure not caught in
- bin/tests/dst/t_dst.c. [RT #17467]
-
-2296. [port] Allow docbook stylesheet location to be specified to
- configure. [RT #17457]
-
-2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
- [RT #17459]
-
-2294. [func] Allow the experimental statistics channels to have
- multiple connections and ACL.
- Note: the stats-server and stats-server-v6 options
- available in the previous beta releases are replaced
- with the generic statistics-channels statement.
-
-2293. [func] Add ACL regression test. [RT #17375]
-
-2292. [bug] Log if the working directory is not writable.
- [RT #17312]
-
-2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
- failure to set PR_SET_DUMPABLE. [RT #17312]
-
-2290. [bug] Let AD in the query signal that the client wants AD
- set in the response. [RT #17301]
-
-2288. [port] win32: mark service as running when we have finished
- loading. [RT #17441]
-
-2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
-
-2284. [bug] Memory leak in UPDATE prerequisite processing.
- [RT #17377]
-
-2283. [bug] TSIG keys were not attaching to the memory
- context. TSIG keys should use the rings
- memory context rather than the clients memory
- context. [RT #17377]
-
-2282. [bug] Acl code fixups. [RT #17346] [RT #17374]
-
-2281. [bug] Attempts to use undefined acls were not being logged.
- [RT #17307]
-
-2280. [func] Allow the experimental http server to be reached
- over IPv6 as well as IPv4. [RT #17332]
-
-2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
- to protect applications from receiving spurious
- SIGPIPE signals when using the resolver.
-
-2278. [bug] win32: handle the case where Windows returns no
- search list or DNS suffix. [RT #17354]
-
-2277. [bug] Empty zone names were not correctly being caught at
- in the post parse checks. [RT #17357]
-
-2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
-
-2275. [func] Add support to dig to perform IXFR queries over UDP.
- [RT #17235]
-
-2274. [func] Log zone transfer statistics. [RT #17336]
-
-2273. [bug] Adjust log level to WARNING when saving inconsistent
- stub/slave master and journal files. [RT# 17279]
-
-2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
- [RT #17262]
-
-2271. [bug] Fix a memory leak in http server code [RT #17100]
-
-2270. [bug] dns_db_closeversion() version->writer could be reset
- before it is tested. [RT #17290]
-
-2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
-
-2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
- list.
-
- --- 9.5.0b1 released ---
-
-2267. [bug] Radix tree node_num value could be set incorrectly,
- causing positive ACL matches to look like negative
- ones. [RT #17311]
-
-2266. [bug] client.c:get_clientmctx() returned the same mctx
- once the pool of mctx's was filled. [RT #17218]
-
-2265. [bug] Test that the memory context's basic_table is non NULL
- before freeing. [RT #17265]
-
-2264. [bug] Server prefix length was being ignored. [RT #17308]
-
-2263. [bug] "named-checkconf -z" failed to set default value
- for "check-integrity". [RT #17306]
-
-2262. [bug] Error status from all but the last view could be
- lost. [RT #17292]
-
-2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
-
-2260. [bug] Reported wrong clients-per-query when increasing the
- value. [RT #17236]
-
-2259. [placeholder]
-
- --- 9.5.0a7 released ---
-
-2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
- [RT #17241]
-
-2257. [bug] win32: Use the full path to vcredist_x86.exe when
- calling it. [RT #17222]
-
-2256. [bug] win32: Correctly register the installation location of
- bindevt.dll. [RT #17159]
-
-2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
-
-2254. [bug] timer.c:dispatch() failed to lock timer->lock
- when reading timer->idle allowing it to see
- intermediate values as timer->idle was reset by
- isc_timer_touch(). [RT #17243]
-
-2253. [func] "max-cache-size" defaults to 32M.
- "max-acache-size" defaults to 16M.
-
-2252. [bug] Fixed errors in sortlist code [RT #17216]
-
-2251. [placeholder]
-
-2250. [func] New flag 'memstatistics' to state whether the
- memory statistics file should be written or not.
- Additionally named's -m option will cause the
- statistics file to be written. [RT #17113]
-
-2249. [bug] Only set Authentic Data bit if client requested
- DNSSEC, per RFC 3655 [RT #17175]
-
-2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
-
-2247. [doc] Sort doc/misc/options. [RT #17067]
-
-2246. [bug] Make the startup of test servers (ans.pl) more
- robust. [RT #17147]
-
-2245. [bug] Validating lack of DS records at trust anchors wasn't
- working. [RT #17151]
-
-2244. [func] Allow the check of nameserver names against the
- SOA MNAME field to be disabled by specifying
- 'notify-to-soa yes;'. [RT #17073]
-
-2243. [func] Configuration files without a newline at the end now
- parse without error. [RT #17120]
-
-2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
- library could require a source of random data.
- [RT #17127]
-
-2241. [func] nsupdate: add a interactive 'help' command. [RT #17099]
-
-2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
- a number of INSIST()s into plain fatal() errors
- which report the triggering result code.
- The 'key' command wasn't disabling GSS-TSIG.
- [RT #17099]
-
-2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
-
-2238. [bug] It was possible to trigger a REQUIRE when a
- validation was canceled. [RT #17106]
-
-2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
-
-2236. [bug] dnssec-signzone failed to preserve the case of
- of wildcard owner names. [RT #17085]
-
-2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
-
-2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
-
-2233. [func] Add support for O(1) ACL processing, based on
- radix tree code originally written by Kevin
- Brintnall. [RT #16288]
-
-2232. [bug] dns_adb_findaddrinfo() could fail and return
- ISC_R_SUCCESS. [RT #17137]
-
-2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
- [RT #17088]
-
-2230. [bug] We could INSIST reading a corrupted journal.
- [RT #17132]
-
-2229. [bug] Null pointer dereference on query pool creation
- failure. [RT #17133]
-
-2228. [contrib] contrib: Change 2188 was incomplete.
-
-2227. [cleanup] Tidied up the FAQ. [RT #17121]
-
-2226. [placeholder]
-
-2225. [bug] More support for systems with no IPv4 addresses.
- [RT #17111]
-
-2224. [bug] Defer journal compaction if a xfrin is in progress.
- [RT #17119]
-
-2223. [bug] Make a new journal when compacting. [RT #17119]
-
-2222. [func] named-checkconf now checks server key references.
- [RT #17097]
-
-2221. [bug] Set the event result code to reflect the actual
- record turned to caller when a cache update is
- rejected due to a more credible answer existing.
- [RT #17017]
-
-2220. [bug] win32: Address a race condition in final shutdown of
- the Windows socket code. [RT #17028]
-
-2219. [bug] Apply zone consistency checks to additions, not
- removals, when updating. [RT #17049]
-
-2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
- [RT #16976]
-
-2217. [func] Adjust update log levels. [RT #17092]
-
-2216. [cleanup] Fix a number of errors reported by Coverity.
- [RT #17094]
-
-2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
-
-2214. [bug] Deregister OpenSSL lock callback when cleaning
- up. Reorder OpenSSL cleanup so that RAND_cleanup()
- is called before the locks are destroyed. [RT #17098]
-
-2213. [bug] SIG0 diagnostic failure messages were looking at the
- wrong status code. [RT #17101]
-
-2212. [func] 'host -m' now causes memory statistics and active
- memory to be printed at exit. [RT 17028]
-
-2211. [func] Update "dynamic update temporarily disabled" message.
- [RT #17065]
-
-2210. [bug] Deleting class specific records via UPDATE could
- fail. [RT #17074]
-
-2209. [port] osx: linking against user supplied static OpenSSL
- libraries failed as the system ones were still being
- found. [RT #17078]
-
-2208. [port] win32: make sure both build methods produce the
- same output. [RT #17058]
-
-2207. [port] Some implementations of getaddrinfo() fail to set
- ai_canonname correctly. [RT #17061]
-
- --- 9.5.0a6 released ---
-
-2206. [security] "allow-query-cache" and "allow-recursion" now
- cross inherit from each other.
-
- If allow-query-cache is not set in named.conf then
- allow-recursion is used if set, otherwise allow-query
- is used if set, otherwise the default (localnets;
- localhost;) is used.
-
- If allow-recursion is not set in named.conf then
- allow-query-cache is used if set, otherwise allow-query
- is used if set, otherwise the default (localnets;
- localhost;) is used.
-
- [RT #16987]
-
-2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
-
-2204. [bug] "rndc flushanme name unknown-view" caused named
- to crash. [RT #16984]
-
-2203. [security] Query id generation was cryptographically weak.
- [RT # 16915]
-
-2202. [security] The default acls for allow-query-cache and
- allow-recursion were not being applied. [RT #16960]
-
-2201. [bug] The build failed in a separate object directory.
- [RT #16943]
-
-2200. [bug] The search for cached NSEC records was stopping to
- early leading to excessive DLV queries. [RT #16930]
-
-2199. [bug] win32: don't call WSAStartup() while loading dlls.
- [RT #16911]
-
-2198. [bug] win32: RegCloseKey() could be called when
- RegOpenKeyEx() failed. [RT #16911]
-
-2197. [bug] Add INSIST to catch negative responses which are
- not setting the event result code appropriately.
- [RT #16909]
-
-2196. [port] win32: yield processor while waiting for once to
- to complete. [RT #16958]
-
-2195. [func] dnssec-keygen now defaults to nametype "ZONE"
- when generating DNSKEYs. [RT #16954]
-
-2194. [bug] Close journal before calling 'done' in xfrin.c.
-
- --- 9.5.0a5 released ---
-
-2193. [port] win32: BINDInstall.exe is now linked statically.
- [RT #16906]
-
-2192. [port] win32: use vcredist_x86.exe to install Visual
- Studio's redistributable dlls if building with
- Visual Stdio 2005 or later.
-
-2191. [func] named-checkzone now allows dumping to stdout (-).
- named-checkconf now has -h for help.
- named-checkzone now has -h for help.
- rndc now has -h for help.
- Better handling of '-?' for usage summaries.
- [RT #16707]
-
-2190. [func] Make fallback to plain DNS from EDNS due to timeouts
- more visible. New logging category "edns-disabled".
- [RT #16871]
-
-2189. [bug] Handle socket() returning EINTR. [RT #15949]
-
-2188. [contrib] queryperf: autoconf changes to make the search for
- libresolv or libbind more robust. [RT #16299]
-
-2187. [bug] query_addds(), query_addwildcardproof() and
- query_addnxrrsetnsec() should take a version
- argument. [RT #16368]
-
-2186. [port] cygwin: libbind: check for struct sockaddr_storage
- independently of IPv6. [RT #16482]
-
-2185. [port] sunos: libbind: check for ssize_t, memmove() and
- memchr(). [RT #16463]
-
-2184. [bug] bind9.xsl.h didn't build out of the source tree.
- [RT #16830]
-
-2183. [bug] dnssec-signzone didn't handle offline private keys
- well. [RT #16832]
-
-2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
- could return ISC_R_SUCCESS when they ran out of
- memory. [RT #16365]
-
-2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
-
-2180. [cleanup] Remove bit test from 'compress_test' as they
- are no longer needed. [RT #16497]
-
-2179. [func] 'rndc command zone' will now find 'zone' if it is
- unique to all the views. [RT #16821]
-
-2178. [bug] 'rndc reload' of a slave or stub zone resulted in
- a reference leak. [RT #16867]
-
-2177. [bug] Array bounds overrun on read (rcodetext) at
- debug level 10+. [RT #16798]
-
-2176. [contrib] dbus update to handle race condition during
- initialization (Bugzilla 235809). [RT #16842]
-
-2175. [bug] win32: windows broadcast condition variable support
- was broken. [RT #16592]
-
-2174. [bug] I/O errors should always be fatal when reading
- master files. [RT #16825]
-
-2173. [port] win32: When compiling with MSVS 2005 SP1 we also
- need to ship Microsoft.VC80.MFCLOC.
-
- --- 9.5.0a4 released ---
-
-2172. [bug] query_addsoa() was being called with a non zone db.
- [RT #16834]
-
-2171. [bug] Handle breaks in DNSSEC trust chains where the parent
- servers are not DS aware (DS queries to the parent
- return a referral to the child).
-
-2170. [func] Add acache processing to test suite. [RT #16711]
-
-2169. [bug] host, nslookup: when reporting NXDOMAIN report the
- given name and not the last name searched for.
- [RT #16763]
-
-2168. [bug] nsupdate: in non-interactive mode treat syntax errors
- as fatal errors. [RT #16785]
-
-2167. [bug] When re-using a automatic zone named failed to
- attach it to the new view. [RT #16786]
-
- --- 9.5.0a3 released ---
-
-2166. [bug] When running in batch mode, dig could misinterpret
- a server address as a name to be looked up, causing
- unexpected output. [RT #16743]
-
-2165. [func] Allow the destination address of a query to determine
- if we will answer the query or recurse.
- allow-query-on, allow-recursion-on and
- allow-query-cache-on. [RT #16291]
-
-2164. [bug] The code to determine how named-checkzone /
- named-compilezone was called failed under windows.
- [RT #16764]
-
-2163. [bug] If only one of query-source and query-source-v6
- specified a port the query pools code broke (change
- 2129). [RT #16768]
-
-2162. [func] Allow "rrset-order fixed" to be disabled at compile
- time. [RT #16665]
-
-2161. [bug] Fix which log messages are emitted for 'rndc flush'.
- [RT #16698]
-
-2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
- from getifaddrs(). [RT #16708]
-
- --- 9.5.0a2 released ---
-
-2159. [bug] Array bounds overrun in acache processing. [RT #16710]
-
-2158. [bug] ns_client_isself() failed to initialize key
- leading to a REQUIRE failure. [RT #16688]
-
-2157. [func] dns_db_transfernode() created. [RT #16685]
-
-2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
- resolver.c:validated() and resolver.c:cache_name().
- Fix a memory leak in rbtdb.c:free_noqname().
- Make lookup.c:lookup_find() robust against
- event leaks. [RT #16685]
-
-2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com.
- [RT #16694]
-
-2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
- matched in acls by omitting the scope. [RT #16599]
-
-2153. [bug] nsupdate could leak memory. [RT #16691]
-
-2152. [cleanup] Use sizeof(buf) instead of fixed number in
- dighost.c:get_trusted_key(). [RT #16678]
-
-2151. [bug] Missing newline in usage message for journalprint.
- [RT #16679]
-
-2150. [bug] 'rrset-order cyclic' uniformly distribute the
- starting point for the first response for a given
- RRset. [RT #16655]
-
-2149. [bug] isc_mem_checkdestroyed() failed to abort on
- if there were still active memory contexts.
- [RT #16672]
-
-2148. [func] Add positive logging for rndc commands. [RT #14623]
-
-2147. [bug] libbind: remove potential buffer overflow from
- hmac_link.c. [RT #16437]
-
-2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
- SO_BSDCOMPAT" message. [RT #16641]
-
-2145. [bug] Check DS/DLV digest lengths for known digests.
- [RT #16622]
-
-2144. [cleanup] Suppress logging of SERVFAIL from forwarders.
- [RT #16619]
-
-2143. [bug] We failed to restart the IPv6 client when the
- kernel failed to return the destination the
- packet was sent to. [RT #16613]
-
-2142. [bug] Handle master files with a modification time that
- matches the epoch. [RT# 16612]
-
-2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
- equivalent of LDH checks). [RT #16609]
-
-2140. [bug] libbind: missing unlock on pthread_key_create()
- failures. [RT #16654]
-
-2139. [bug] dns_view_find() was being called with wrong type
- in adb.c. [RT #16670]
-
-2138. [bug] Lock order reversal in resolver.c. [RT #16653]
-
-2137. [port] Mips little endian and/or mips 64 bit are now
- supported for atomic operations. [RT#16648]
-
-2136. [bug] nslookup/host looped if there was no search list
- and the host didn't exist. [RT #16657]
-
-2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
-
-2134. [func] Additional statistics support. [RT #16666]
-
-2133. [port] powerpc: Support both IBM and MacOS Power PC
- assembler syntaxes. [RT #16647]
-
-2132. [bug] Missing unlock on out of memory in
- dns_dispatchmgr_setudp().
-
-2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
-
-2130. [func] Log if CD or DO were set. [RT #16640]
-
-2129. [func] Provide a pool of UDP sockets for queries to be
- made over. See use-queryport-pool, queryport-pool-ports
- and queryport-pool-updateinterval. [RT #16415]
-
-2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
-
-2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
-
-2126. [security] Serialize validation of type ANY responses. [RT #16555]
-
-2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ
- was defined. [RT #16574]
-
-2124. [security] It was possible to dereference a freed fetch
- context. [RT #16584]
-
- --- 9.5.0a1 released ---
-
-2123. [func] Use Doxygen to generate internal documentation.
- [RT #11398]
-
-2122. [func] Experimental http server and statistics support
- for named via xml.
-
-2121. [func] Add a 10 slot dead masters cache (LRU) with a 600
- second timeout. [RT #16553]
-
-2120. [doc] Fix markup on nsupdate man page. [RT #16556]
-
-2119. [compat] libbind: allow res_init() to succeed enough to
- return the default domain even if it was unable
- to allocate memory.
-
-2118. [bug] Handle response with long chains of domain name
- compression pointers which point to other compression
- pointers. [RT #16427]
-
-2117. [bug] DNSSEC fixes: named could fail to cache NSEC records
- which could lead to validation failures. named didn't
- handle negative DS responses that were in the process
- of being validated. Check CNAME bit before accepting
- NODATA proof. To be able to ignore a child NSEC there
- must be SOA (and NS) set in the bitmap. [RT #16399]
-
-2116. [bug] 'rndc reload' could cause the cache to continually
- be cleaned. [RT #16401]
-
-2115. [bug] 'rndc reconfig' could trigger a INSIST if the
- number of masters for a zone was reduced. [RT #16444]
-
-2114. [bug] dig/host/nslookup: searches for names with multiple
- labels were failing. [RT #16447]
-
-2113. [bug] nsupdate: if a zone is specified it should be used
- for server discover. [RT# 16455]
-
-2112. [security] Warn if weak RSA exponent is used. [RT #16460]
-
-2111. [bug] Fix a number of errors reported by Coverity.
- [RT #16507]
-
-2110. [bug] "minimal-responses yes;" interacted badly with BIND 8
- priming queries. [RT #16491]
-
-2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
-
-2108. [func] DHCID support. [RT #16456]
-
-2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
-
-2106. [func] 'rndc status' now reports named's version. [RT #16426]
-
-2105. [func] GSS-TSIG support (RFC 3645).
-
-2104. [port] Fix Solaris SMF error message.
-
-2103. [port] Add /usr/sfw to list of locations for OpenSSL
- under Solaris.
-
-2102. [port] Silence Solaris 10 warnings.
-
-2101. [bug] OpenSSL version checks were not quite right.
- [RT #16476]
-
-2100. [port] win32: copy libeay32.dll to Build\Debug.
- Copy Debug\named-checkzone to Debug\named-compilezone.
-
-2099. [port] win32: more manifest issues.
-
-2098. [bug] Race in rbtdb.c:no_references(), which occasionally
- triggered an INSIST failure about the node lock
- reference. [RT #16411]
-
-2097. [bug] named could reference a destroyed memory context
- after being reloaded / reconfigured. [RT #16428]
-
-2096. [bug] libbind: handle applications that fail to detect
- res_init() failures better.
-
-2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
- net_cidr_ntop_ipv6(). [RT #16388]
-
-2094. [contrib] Update named-bootconf. [RT# 16404]
-
-2093. [bug] named-checkzone -s was broken.
-
-2092. [bug] win32: dig, host, nslookup. Use registry config
- if resolv.conf does not exist or no nameservers
- listed. [RT #15877]
-
-2091. [port] dighost.c: race condition on cleanup. [RT #16417]
-
-2090. [port] win32: Visual C++ 2005 command line manifest support.
- [RT #16417]
-
-2089. [security] Raise the minimum safe OpenSSL versions to
- OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
- prior to these have known security flaws which
- are (potentially) exploitable in named. [RT #16391]
-
-2088. [security] Change the default RSA exponent from 3 to 65537.
- [RT #16391]
-
-2087. [port] libisc failed to compile on OS's w/o a vsnprintf.
- [RT #16382]
-
-2086. [port] libbind: FreeBSD now has get*by*_r() functions.
- [RT #16403]
-
-2085. [doc] win32: added index.html and README to zip. [RT #16201]
-
-2084. [contrib] dbus update for 9.3.3rc2.
-
-2083. [port] win32: Visual C++ 2005 support.
-
-2082. [doc] Document 'cache-file' as a test only option.
-
-2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
- [RT #16360]
-
-2080. [port] libbind: res_init.c did not compile on older versions
- of Solaris. [RT #16363]
-
-2079. [bug] The lame cache was not handling multiple types
- correctly. [RT #16361]
-
-2078. [bug] dnssec-checkzone output style "default" was badly
- named. It is now called "relative". [RT #16326]
-
-2077. [bug] 'dnssec-signzone -O raw' wasn't outputting the
- complete signed zone. [RT #16326]
-
-2076. [bug] Several files were missing #include <config.h>
- causing build failures on OSF. [RT #16341]
-
-2075. [bug] The spillat timer event hander could leak memory.
- [RT #16357]
-
-2074. [bug] dns_request_createvia2(), dns_request_createvia3(),
- dns_request_createraw2() and dns_request_createraw3()
- failed to send multiple UDP requests. [RT #16349]
-
-2073. [bug] Incorrect semantics check for update policy "wildcard".
- [RT #16353]
-
-2072. [bug] We were not generating valid HMAC SHA digests.
- [RT #16320]
-
-2071. [port] Test whether gcc accepts -fno-strict-aliasing.
- [RT #16324]
-
-2070. [bug] The remote address was not always displayed when
- reporting dispatch failures. [RT #16315]
-
-2069. [bug] Cross compiling was not working. [RT #16330]
-
-2068. [cleanup] Lower incremental tuning message to debug 1.
- [RT #16319]
-
-2067. [bug] 'rndc' could close the socket too early triggering
- a INSIST under Windows. [RT #16317]
-
-2066. [security] Handle SIG queries gracefully. [RT #16300]
-
-2065. [bug] libbind: probe for HPUX prototypes for
- endprotoent_r() and endservent_r(). [RT 16313]
-
-2064. [bug] libbind: silence AIX compiler warnings. [RT #16218]
-
-2063. [bug] Change #1955 introduced a bug which caused the first
- 'rndc flush' call to not free memory. [RT #16244]
-
-2062. [bug] 'dig +nssearch' was reusing a buffer before it had
- been returned by the socket code. [RT #16307]
-
-2061. [bug] Accept expired wildcard message reversed. [RT #16296]
-
-2060. [bug] Enabling DLZ support could leave views partially
- configured. [RT #16295]
-
-2059. [bug] Search into cache rbtdb could trigger an INSIST
- failure while cleaning up a stale rdataset.
- [RT #16292]
-
-2058. [bug] Adjust how we calculate rtt estimates in the presence
- of authoritative servers that drop EDNS and/or CD
- requests. Also fallback to EDNS/512 and plain DNS
- faster for zones with less than 3 servers. [RT #16187]
-
-2057. [bug] Make setting "ra" dependent on both allow-query-cache
- and allow-recursion. [RT #16290]
-
-2056. [bug] dig: ixfr= was not being treated case insensitively
- at all times. [RT #15955]
-
-2055. [bug] Missing goto after dropping multicast query.
- [RT #15944]
-
-2054. [port] freebsd: do not explicitly link against -lpthread.
- [RT #16170]
-
-2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220]
-
-2052. [bug] 'rndc' improve connect failed message to report
- the failing address. [RT #15978]
-
-2051. [port] More strtol() fixes. [RT #16249]
-
-2050. [bug] Parsing of NSAP records was not case insensitive.
- [RT #16287]
-
-2049. [bug] Restore SOA before AXFR when falling back from
- a attempted IXFR when transferring in a zone.
- Allow a initial SOA query before attempting
- a AXFR to be requested. [RT #16156]
-
-2048. [bug] It was possible to loop forever when using
- avoid-v4-udp-ports / avoid-v6-udp-ports when
- the OS always returned the same local port.
- [RT #16182]
-
-2047. [bug] Failed to initialize the interface flags to zero.
- [RT #16245]
-
-2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
- cleanup [RT #16247].
-
-2045. [func] Use lock buckets for acache entries to limit memory
- consumption. [RT #16183]
-
-2044. [port] Add support for atomic operations for Itanium.
- [RT #16179]
-
-2043. [port] nsupdate/nslookup: Force the flushing of the prompt
- for interactive sessions. [RT#16148]
-
-2042. [bug] named-checkconf was incorrectly rejecting the
- logging category "config". [RT #16117]
-
-2041. [bug] "configure --with-dlz-bdb=yes" produced a bad
- set of libraries to be linked. [RT #16129]
-
-2040. [bug] rbtdb no_references() could trigger an INSIST
- failure with --enable-atomic. [RT #16022]
-
-2039. [func] Check that all buffers passed to the socket code
- have been retrieved when the socket event is freed.
- [RT #16122]
-
-2038. [bug] dig/nslookup/host was unlinking from wrong list
- when handling errors. [RT #16122]
-
-2037. [func] When unlinking the first or last element in a list
- check that the list head points to the element to
- be unlinked. [RT #15959]
-
-2036. [bug] 'rndc recursing' could cause trigger a REQUIRE.
- [RT #16075]
-
-2035. [func] Make falling back to TCP on UDP refresh failure
- optional. Default "try-tcp-refresh yes;" for BIND 8
- compatibility. [RT #16123]
-
-2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
-
-2033. [bug] We weren't creating multiple client memory contexts
- on demand as expected. [RT #16095]
-
-2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074]
-
-2031. [bug] Emit a error message when "rndc refresh" is called on
- a non slave/stub zone. [RT # 16073]
-
-2030. [bug] We were being overly conservative when disabling
- openssl engine support. [RT #16030]
-
-2029. [bug] host printed out the server multiple times when
- specified on the command line. [RT #15992]
-
-2028. [port] linux: socket.c compatibility for old systems.
- [RT #16015]
-
-2027. [port] libbind: Solaris x86 support. [RT #16020]
-
-2026. [bug] Rate limit the two recursive client exceeded messages.
- [RT #16044]
-
-2025. [func] Update "zone serial unchanged" message. [RT #16026]
-
-2024. [bug] named emitted spurious "zone serial unchanged"
- messages on reload. [RT #16027]
-
-2023. [bug] "make install" should create ${localstatedir}/run and
- ${sysconfdir} if they do not exist. [RT #16033]
-
-2022. [bug] If dnssec validation is disabled only assert CD if
- CD was requested. [RT #16037]
-
-2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037]
-
-2020. [bug] rdataset_setadditional() could leak memory. [RT #16034]
-
-2019. [tuning] Reduce the amount of work performed per quantum
- when cleaning the cache. [RT #15986]
-
-2018. [bug] Checking if the HMAC MD5 private file was broken.
- [RT #15960]
-
-2017. [bug] allow-query default was not correct. [RT #15946]
-
-2016. [bug] Return a partial answer if recursion is not
- allowed but requested and we had the answer
- to the original qname. [RT #15945]
-
-2015. [cleanup] use-additional-cache is now acache-enable for
- consistency. Default acache-enable off in BIND 9.4
- as it requires memory usage to be configured.
- It may be enabled by default in BIND 9.5 once we
- have more experience with it.
-
-2014. [func] Statistics about acache now recorded and sent
- to log. [RT #15976]
-
-2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
- responses more gracefully. [RT #15941]
-
-2012. [func] Don't insert new acache entries if acache is full.
- [RT #15970]
-
-2011. [func] dnssec-signzone can now update the SOA record of
- the signed zone, either as an increment or as the
- system time(). [RT #15633]
-
-2010. [placeholder] rt15958
-
-2009. [bug] libbind: Coverity fixes. [RT #15808]
-
-2008. [func] It is now possible to enable/disable DNSSEC
- validation from rndc. This is useful for the
- mobile hosts where the current connection point
- breaks DNSSEC (firewall/proxy). [RT #15592]
-
- rndc validation newstate [view]
-
-2007. [func] It is now possible to explicitly enable DNSSEC
- validation. default dnssec-validation no; to
- be changed to yes in 9.5.0. [RT #15674]
-
-2006. [security] Allow-query-cache and allow-recursion now default
- to the built in acls "localnets" and "localhost".
-
- This is being done to make caching servers less
- attractive as reflective amplifying targets for
- spoofed traffic. This still leave authoritative
- servers exposed.
-
- The best fix is for full BCP 38 deployment to
- remove spoofed traffic.
-
-2005. [bug] libbind: Retransmission timeouts should be
- based on which attempt it is to the nameserver
- and not the nameserver itself. [RT #13548]
-
-2004. [bug] dns_tsig_sign() could pass a NULL pointer to
- dst_context_destroy() when cleaning up after a
- error. [RT #15835]
-
-2003. [bug] libbind: The DNS name/address lookup functions could
- occasionally follow a random pointer due to
- structures not being completely zeroed. [RT #15806]
-
-2002. [bug] libbind: tighten the constraints on when
- struct addrinfo._ai_pad exists. [RT #15783]
-
-2001. [func] Check the KSK flag when updating a secure dynamic zone.
- New zone option "update-check-ksk yes;". [RT #15817]
-
-2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812]
-
-1999. [func] Implement "rrset-order fixed". [RT #13662]
-
-1998. [bug] Restrict handling of fifos as sockets to just SunOS.
- This allows named to connect to entropy gathering
- daemons that use fifos instead of sockets. [RT #15840]
-
-1997. [bug] Named was failing to replace negative cache entries
- when a positive one for the type was learnt.
- [RT #15818]
-
-1996. [bug] nsupdate: if a zone has been specified it should
- appear in the output of 'show'. [RT #15797]
-
-1995. [bug] 'host' was reporting multiple "is an alias" messages.
- [RT #15702]
-
-1994. [port] OpenSSL 0.9.8 support. [RT #15694]
-
-1993. [bug] Log messages, via syslog, were missing the space
- after the timestamp if "print-time yes" was specified.
- [RT #15844]
-
-1992. [bug] Not all incoming zone transfer messages included the
- view. [RT #15825]
-
-1991. [cleanup] The configuration data, once read, should be treated
- as read only. Expand the use of const to enforce this
- at compile time. [RT #15813]
-
-1990. [bug] libbind: isc's override of broken gettimeofday()
- implementations was not always effective.
- [RT #15709]
-
-1989. [bug] win32: don't check the service password when
- re-installing. [RT #15882]
-
-1988. [bug] Remove a bus error from the SHA256/SHA512 support.
- [RT #15878]
-
-1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
-
-1986. [func] Report when a zone is removed. [RT #15849]
-
-1985. [protocol] DLV has now been assigned a official type code of
- 32769. [RT #15807]
-
- Note: care should be taken to ensure you upgrade
- both named and dnssec-signzone at the same time for
- zones with DLV records where named is the master
- server for the zone. Also any zones that contain
- DLV records should be removed when upgrading a slave
- zone. You do not however have to upgrade all
- servers for a zone with DLV records simultaneously.
-
-1984. [func] dig, nslookup and host now advertise a 4096 byte
- EDNS UDP buffer size by default. [RT #15855]
-
-1983. [func] Two new update policies. "selfsub" and "selfwild".
- [RT #12895]
-
-1982. [bug] DNSKEY was being accepted on the parent side of
- a delegation. KEY is still accepted there for
- RFC 3007 validated updates. [RT #15620]
-
-1981. [bug] win32: condition.c:wait() could fail to reattain
- the mutex lock.
-
-1980. [func] dnssec-signzone: output the SOA record as the
- first record in the signed zone. [RT #15758]
-
-1979. [port] linux: allow named to drop core after changing
- user ids. [RT #15753]
-
-1978. [port] Handle systems which have a broken recvmsg().
- [RT #15742]
-
-1977. [bug] Silence noisy log message. [RT #15704]
-
-1976. [bug] Handle systems with no IPv4 addresses. [RT #15695]
-
-1975. [bug] libbind: isc_gethexstring() could misparse multi-line
- hex strings with comments. [RT #15814]
-
-1974. [doc] List each of the zone types and associated zone
- options separately in the ARM.
-
-1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
- HMACSHA512 support. [RT #13606]
-
-1972. [contrib] DBUS dynamic forwarders integration from
- Jason Vas Dias <jvdias@redhat.com>.
-
-1971. [port] linux: make detection of missing IF_NAMESIZE more
- robust. [RT #15443]
-
-1970. [bug] nsupdate: adjust UDP timeout when falling back to
- unsigned SOA query. [RT #15775]
-
-1969. [bug] win32: the socket code was freeing the socket
- structure too early. [RT #15776]
-
-1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
-
-1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
-
-1966. [bug] Don't set CD when we have fallen back to plain DNS.
- [RT #15727]
-
-1965. [func] Suppress spurious "recusion requested but not
- available" warning with 'dig +qr'. [RT #15780].
-
-1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
-
-1963. [port] Tru64 4.0E doesn't support send() and recv().
- [RT #15586]
-
-1962. [bug] Named failed to clear old update-policy when it
- was removed. [RT #15491]
-
-1961. [bug] Check the port and address of responses forwarded
- to dispatch. [RT #15474]
-
-1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
- [RT #15465]
-
-1959. [func] Control the zeroing of the negative response TTL to
- a soa query. Defaults "zero-no-soa-ttl yes;" and
- "zero-no-soa-ttl-cache no;". [RT #15460]
-
-1958. [bug] Named failed to update the zone's secure state
- until the zone was reloaded. [RT #15412]
-
-1957. [bug] Dig mishandled responses to class ANY queries.
- [RT #15402]
-
-1956. [bug] Improve cross compile support, 'gen' is now built
- by native compiler. See README for additional
- cross compile support information. [RT #15148]
-
-1955. [bug] Pre-allocate the cache cleaning iterator. [RT #14998]
-
-1954. [func] Named now falls back to advertising EDNS with a
- 512 byte receive buffer if the initial EDNS queries
- fail. [RT #14852]
-
-1953. [func] The maximum EDNS UDP response named will send can
- now be set in named.conf (max-udp-size). This is
- independent of the advertised receive buffer
- (edns-udp-size). [RT #14852]
-
-1952. [port] hpux: tell the linker to build a runtime link
- path "-Wl,+b:". [RT #14816].
-
-1951. [security] Drop queries from particular well known ports.
- Don't return FORMERR to queries from particular
- well known ports. [RT #15636]
-
-1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
- a TCP socket. This prevents the source address being
- set for TCP connections. [RT #15628]
-
-1949. [func] Addition memory leakage checks. [RT #15544]
-
-1948. [bug] If was possible to trigger a REQUIRE failure in
- xfrin.c:maybe_free() if named ran out of memory.
- [RT #15568]
-
-1947. [func] It is now possible to configure named to accept
- expired RRSIGs. Default "dnssec-accept-expired no;".
- Setting "dnssec-accept-expired yes;" leaves named
- vulnerable to replay attacks. [RT #14685]
-
-1946. [bug] resume_dslookup() could trigger a REQUIRE failure
- when using forwarders. [RT #15549]
-
-1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
- To generate a RSAMD5 key you must explicitly request
- RSAMD5. [RT #13780]
-
-1944. [cleanup] isc_hash_create() does not need a read/write lock.
- [RT #15522]
-
-1943. [bug] Set the loadtime after rolling forward the journal.
- [RT #15647]
-
-1942. [bug] If the name of a DNSKEY match that of one in
- trusted-keys do not attempt to validate the DNSKEY
- using the parents DS RRset. [RT #15649]
-
-1941. [bug] ncache_adderesult() should set eresult even if no
- rdataset is passed to it. [RT #15642]
-
-1940. [bug] Fixed a number of error conditions reported by
- Coverity.
-
-1939. [bug] The resolver could dereference a null pointer after
- validation if all the queries have timed out.
- [RT #15528]
-
-1938. [bug] The validator was not correctly handling unsecure
- negative responses at or below a SEP. [RT #15528]
-
-1937. [bug] sdlz doesn't handle RRSIG records. [RT #15564]
-
-1936. [bug] The validator could leak memory. [RT #15544]
-
-1935. [bug] 'acache' was DO sensitive. [RT #15430]
-
-1934. [func] Validate pending NS RRsets, in the authority section,
- prior to returning them if it can be done without
- requiring DNSKEYs to be fetched. [RT #15430]
-
-1933. [bug] dump_rdataset_raw() had a incorrect INSIST. [RT #15534]
-
-1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
-
-1931. [bug] Per-client mctx could require a huge amount of memory,
- particularly for a busy caching server. [RT #15519]
-
-1930. [port] HPUX: ia64 support. [RT #15473]
-
-1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
-
-1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
-
-1927. [bug] Access to soanode or nsnode in rbtdb violated the
- lock order rule and could cause a dead lock.
- [RT# 15518]
-
-1926. [bug] The Windows installer did not check for empty
- passwords. BINDinstall was being installed in
- the wrong place. [RT #15483]
-
-1925. [port] All outer level AC_TRY_RUNs need cross compiling
- defaults. [RT #15469]
-
-1924. [port] libbind: hpux ia64 support. [RT #15473]
-
-1923. [bug] ns_client_detach() called too early. [RT #15499]
-
-1922. [bug] check-tool.c:setup_logging() missing call to
- dns_log_setcontext().
-
-1921. [bug] Client memory contexts were not using internal
- malloc. [RT# 15434]
-
-1920. [bug] The cache rbtdb lock array was too small to
- have the desired performance characteristics.
- [RT #15454]
-
-1919. [contrib] queryperf: a set of new features: collecting/printing
- response delays, printing intermediate results, and
- adjusting query rate for the "target" qps.
-
-1918. [bug] Memory leak when checking acls. [RT #15391]
-
-1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
- when generating man pages. [RT #15385]
-
-1916. [func] Integrate contributed IDN code from JPNIC. [RT #15383]
-
-1915. [bug] dig +ndots was broken. [RT #15215]
-
-1914. [protocol] DS is required to accept mnemonic algorithms
- (RFC 4034). Still emit numeric algorithms for
- compatibility with RFC 3658. [RT #15354]
-
-1913. [func] Integrate contributed DLZ code into named. [RT #11382]
-
-1912. [port] aix: atomic locking for powerpc. [RT #15020]
-
-1911. [bug] Update windows socket code. [RT #14965]
-
-1910. [bug] dig's +sigchase code overhauled. [RT #14933]
-
-1909. [bug] The DLV code has been re-worked to make no longer
- query order sensitive. [RT #14933]
-
-1908. [func] dig now warns if 'RA' is not set in the answer when
- 'RD' was set in the query. host/nslookup skip servers
- that fail to set 'RA' when 'RD' is set unless a server
- is explicitly set. [RT #15005]
-
-1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
- [RT #15006]
-
-1906. [func] dig now has a '-q queryname' and '+showsearch' options.
- [RT #15034]
-
-1905. [bug] Strings returned from cfg_obj_asstring() should be
- treated as read-only. The prototype for
- cfg_obj_asstring() has been updated to reflect this.
- [RT #15256]
-
-1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
- friends. Note: RFC 1918 zones are not yet covered by
- this but are likely to be in a future release.
-
- New options: empty-server, empty-contact,
- empty-zones-enable and disable-empty-zone.
-
-1903. [func] ISC string copy API.
-
-1902. [func] Attempt to make the amount of work performed in a
- iteration self tuning. The covers nodes clean from
- the cache per iteration, nodes written to disk when
- rewriting a master file and nodes destroyed per
- iteration when destroying a zone or a cache.
- [RT #14996]
-
-1901. [cleanup] Don't add DNSKEY records to the additional section.
-
-1900. [bug] ixfr-from-differences failed to ensure that the
- serial number increased. [RT #15036]
-
-1899. [func] named-checkconf now validates update-policy entries.
- [RT #14963]
-
-1898. [bug] Extend ISC_SOCKADDR_FORMATSIZE and
- ISC_NETADDR_FORMATSIZE to allow for scope details.
-
-1897. [func] x86 and x86_64 now have separate atomic locking
- implementations.
-
-1896. [bug] Recursive clients soft quota support wasn't working
- as expected. [RT #15103]
-
-1895. [bug] A escaped character is, potentially, converted to
- the output character set too early. [RT #14666]
-
-1894. [doc] Review ARM for BIND 9.4.
-
-1893. [port] Use uintptr_t if available. [RT #14606]
-
-1892. [func] Support for SPF rdata type. [RT #15033]
-
-1891. [port] freebsd: pthread_mutex_init can fail if it runs out
- of memory. [RT #14995]
-
-1890. [func] Raise the UDP receive buffer size to 32k if it is
- less than 32k. [RT #14953]
-
-1889. [port] sunos: non blocking i/o support. [RT #14951]
-
-1888. [func] Support for IPSECKEY rdata type. [RT #14967]
-
-1887. [bug] The cache could delete expired records too fast for
- clients with a virtual time in the past. [RT #14991]
-
-1886. [bug] fctx_create() could return success even though it
- failed. [RT #14993]
-
-1885. [func] dig: report the number of extra bytes still left in
- the packet after processing all the records.
-
-1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>.
-
-1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug
- levels. [RT #14962]
-
-1882. [func] Limit the number of recursive clients that can be
- waiting for a single query (<qname,qtype,qclass>) to
- resolve. New options clients-per-query and
- max-clients-per-query.
-
-1881. [func] Add a system test for named-checkconf. [RT #14931]
-
-1880. [func] The lame cache is now done on a <qname,qclass,qtype>
- basis as some servers only appear to be lame for
- certain query types. [RT #14916]
-
-1879. [func] "USE INTERNAL MALLOC" is now runtime selectable.
- [RT #14892]
-
-1878. [func] Detect duplicates of UDP queries we are recursing on
- and drop them. New stats category "duplicate".
- [RT #2471]
-
-1877. [bug] Fix unreasonably low quantum on call to
- dns_rbt_destroy2(). Remove unnecessary unhash_node()
- call. [RT #14919]
-
-1876. [func] Additional memory debugging support to track size
- and mctx arguments. [RT #14814]
-
-1875. [bug] process_dhtkey() was using the wrong memory context
- to free some memory. [RT #14890]
-
-1874. [port] sunos: portability fixes. [RT #14814]
-
-1873. [port] win32: isc__errno2result() now reports its caller.
- [RT #13753]
-
-1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
-
-1871. [placeholder]
-
-1870. [func] Added framework for handling multiple EDNS versions.
- [RT #14873]
-
-1869. [func] dig can now specify the EDNS version when making
- &nbs
lentferj's projects / dragonfly.git / commitdiff